Post on 24-Sep-2020

A Software Development Kit to exploit RINA programmability

Eduard Grasa (presenter), Vincenzo Maffione, Francesco Salvestrini, Leonardo Bergesio, Miquel Tarzan

FP7 PRISTINE ICC 2016, Kuala Lumpur, May 24th 2016

1. WHAT IS RINA?

RINA highlights

•  Network architecture resulting from a fundamental theory of computer networking

•  Networking is InterProcess Communication (IPC) and only IPC. Unifies networking and distributed computing: the network is a distributed application that provides IPC

•  There is a single type of layer with programmable functions, that repeats as many times as needed by the network designers

•  All layers provide the same service: communication (flows) between two or more application instances, with certain characteristics (delay, loss, in-order-delivery, etc)

•  There are only 3 types of systems: hosts, interior and border routers. No middleboxes (firewalls, NATs, etc) are needed

•  Deploy it over, under and next to current networking technologies

From the “TCP/IP” protocol suite …

•  Functional layers organized for modularity, each layer provides a different service to each other
   –  As the RM is applied to the real world, it proves to be incomplete. As a consequence, new layers are patched into the reference model as needed (layers 2.5, VLANs, VPNs, virtual network overlays, tunnels, MAC-in-MAC, etc.)

[Figure: the layered reference model in theory and in practice]

… to the RINA architecture

Single type of layer, consistent API, programmable policies

[Figure: two hosts running App A and App B, connected through two border routers and an interior router. DIFs (Distributed IPC Facilities) sit between them, with a consistent IPC API through the layers. Components shown inside an IPC process: Data Transfer, Data Transfer Control and Layer Management; SDU Delimiting, Relaying and Multiplexing, SDU Protection, Retransmission Control, Flow Control, State Vector, RIB Daemon, RIB, CDAP Parser/Generator, CACEP, Enrollment, Flow Allocation, Resource Allocation, Routing, Authentication, Namespace Management and Security Management, ordered by increasing timescale (functions performed less often) and complexity.]

Deployment: clean-slate concepts but incremental deployment

Large-scale RINA Experimentation on FIRE+

•  IPv6 brings very small improvements to IPv4, but requires a clean slate deployment (not compatible with IPv4)

•  RINA can be deployed incrementally where it has the right incentives, and interoperate with current technologies (IP, Ethernet, MPLS, etc.)
   –  Over IP (just like any overlay such as VXLAN, NVGRE, GTP-U, etc.)
   –  Below IP (just like any underlay such as MPLS or MAC-in-MAC)
   –  Next to IP (gateways/protocol translation such as IPv6)

[Figure: an IP network, a RINA provider and a RINA network side by side, carrying sockets applications and RINA supported applications over IP or Ethernet or MPLS, etc.]

2. RECURSION, VIRTUALIZATION AND PROGRAMMABILITY

Recursion instead of virtualization (I)

•  RINA recursive layering structure cleans up and generalizes the current protocol stack.

•  Example 1: PBB-VPLS (Virtual Private LAN Service)
   –  Uses MAC-in-MAC encapsulation to isolate provider’s core from customers’ addresses and VLANs

[Figure, built up over several slides: the PBB-VPLS stack redrawn as recursive DIFs. PtP DIFs at the bottom, then two Metro DIFs and a Core DIF, a Provider VPN Service DIF, and a Green Customer VPN DIF on top.]

Recursion instead of virtualization (II)

•  Example 2: LTE (Long Term Evolution)
   –  Uses PDCP, GTP to transport user’s IP payload, and also relies on internal IP network.

[Figure, built up over several slides: the LTE user-plane stack across UE, eNodeB, S-GW and P-GW (interfaces LTE-Uu, S1-U, S5/S8 and SGi; EPS bearers; IP (e.g. Internet), TCP or UDP, PDCP, RLC, GTP-U, UDP, IP (LTE transport), MAC, L1, with protocol conversion), redrawn as recursive DIFs: PtP DIFs, Mobile Operator Transport DIFs, a Multi-access radio DIF, a Mobile Access Network Top Level DIF and a Public Internet DIF.]

Recursion instead of virtualization (III)

•  Example 3: Data Center Network with NVO3
   –  Network Virtualization Over Layer 3, uses overlay virtual networks on top of the DCN’s fabric layer 3 to support multi-tenancy

•  Recursion provides a cleaner, simpler solution than virtualization
   –  Repeat the same building block, with the same interface.

[Figure, built up over several slides: the NVO3 stack across server/VM, ToR, Fabric and Spine (Ethernet, 802.3, 802.1Q, VXLAN, UDP, IPv4 or IPv6 (fabric layer), IPv4 or IPv6 (tenant overlay), TCP or UDP or SCTP, … (transport layer), with protocol conversion and local bridging), redrawn as recursive DIFs: PtP DIFs, a DC Fabric DIF and a Tenant DIF.]

Network Programmability

•  Centralized control of data forwarding
   –  GSMPv3 (label switches: ATM, MPLS, optical), OpenFlow (Ethernet, IP, evolving)

•  APIs for controlling network services & network devices
   –  ONF SDN architecture, IEEE P1520 (P1520 distinguished between virtual devices and hardware)

[Figure: ONF’s SDN architecture]

Separation of mechanism from policy

[Figure: the IPC process component diagram from the RINA architecture slide (IPC API; Data Transfer, Data Transfer Control and Layer Management functions)]

•  All layers have the same mechanisms and 2 protocols (EFCP for data transfer, CDAP for layer management), programmable via policies.
   –  All data transfer and layer management functions are programmable!

•  Don’t specify/implement protocols, only policies
   –  Re-use common layer structure, re-use policies across layers

•  This approach greatly simplifies the network structure, minimizing the management overhead and the cost of supporting new requirements, new physical media or new applications

3. DESIGN AND IMPLEMENTATION OF AN SDK FOR IRATI

IRATI design: decisions and tradeoffs

Decision | Pros | Cons
Linux/OS vs other operating systems | Adoption, community, stability, documentation, support | Monolithic kernel (RINA/IPC Model may be better suited to micro-kernels)
User/kernel split vs user-space only | IPC as a fundamental OS service, access device drivers, hardware offload, IP over RINA, performance | More complex implementation and debugging
C/C++ vs Java, Python, … | Native implementation | Portability, skills to master language (users)
Multiple user-space daemons vs single one | Reliability, isolation between IPCPs and IPC Manager | Communication overhead, more complex impl.
Soft-irqs/tasklets vs. workqueues (kernel) | Minimize latency and context switches of data going through the “stack” | More complex kernel locking and debugging

Overview of IRATI and its SDK

[Figure: the IRATI RINA implementation. User space: applications, the IPC Manager Daemon and the IPCP Daemon (layer management of a normal IPC Process). Kernel: the Kernel IPC Manager, the normal IPC Process (data transfer/control) and the shim IPCP over 802.1Q. Three zoom-ins mark where the SDK supports pluggable policies:
   –  Normal IPCP (data transfer): Error and Flow Control Protocol (RTT, Tx ctrl, ECN, ... policies); Relaying and Multiplexing Task (forwarding, scheduling, MaxQ, monitoring policies); SDU Protection (TTL, CRC, encryption policies)
   –  Normal IPCP (layer management), on top of librina: RIB & RIB Daemon, resource allocation, flow allocation, enrollment, namespace management, security management, routing. Policies shown: auth., acc. ctrl, coord, address assignment, directory replication, address validation, new flow, PFT generation, pushback notify, enrollment sequence, routing
   –  IPC Manager, on top of librina: IPCM logic, Management Agent, RIB & RIB Daemon, and a Network Manager (NMS DAF)]

RINA Plugins Infrastructure (RPI): Kernel RPI (kRPI)

[Figures: Policy Set lifecycle; Policy Set classes]

•  Different policy-set class per component, since each component has different policies.

●  “OO” approach

●  All policy set classes derive from base class

●  All components derive from base class

●  Plugins are Loadable Kernel Modules (LKM)

●  They publish a set of policy sets, which become available to the RINA stack.

●  Factories, named after each policy set, provide operations to create/delete instances of policy set classes

RINA Plugins Infrastructure (RPI): User-space RPI (uRPI)

●  Same concepts as kRPI (factories, lifecycle, policy classes), different impl

●  Plugins are shared objects dynamically loaded by the IPCP Daemon, loaded through the libdl library
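
A minimal user-space model of the publish/factory/lifecycle pattern that the kRPI and uRPI slides describe, as an added example that is not IRATI code. All names (`ps_base`, `ps_factory`, `ps_publish`, `ps_select`, the `ecn-mark` policy set) are hypothetical; it also shows two checks a plugin registry needs: refusing a second plugin that reuses a published name, and refusing to unload a policy set that still has live instances.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_FACTORIES 8
struct ps_factory;
struct ps_base { struct ps_factory *owner; };  /* base "class" of all policy sets */
struct ps_factory {                 /* named after the policy set it creates */
    const char *name;
    struct ps_base *(*create)(void);
    void (*destroy)(struct ps_base *);
    int live;                       /* instances created and not yet released */
};
static struct ps_factory *registry[MAX_FACTORIES];

static int ps_slot(const char *name)          /* index of a published name, or -1 */
{
    for (int i = 0; name && i < MAX_FACTORIES; i++)
        if (registry[i] && strcmp(registry[i]->name, name) == 0) return i;
    return -1;
}
int ps_publish(struct ps_factory *f)          /* plugin load */
{
    if (!f || !f->name || !*f->name || !f->create || !f->destroy) return -1;
    if (ps_slot(f->name) >= 0) return -1;     /* no shadowing of a published name */
    for (int i = 0; i < MAX_FACTORIES; i++)
        if (!registry[i]) { f->live = 0; registry[i] = f; return 0; }
    return -1;                                /* registry full */
}
int ps_unpublish(const char *name)            /* plugin unload */
{
    int i = ps_slot(name);
    if (i < 0 || registry[i]->live > 0) return -1;  /* unknown or still in use */
    registry[i] = NULL;
    return 0;
}
struct ps_base *ps_select(const char *name)   /* a component picks a policy set */
{
    int i = ps_slot(name);
    struct ps_base *ps = i < 0 ? NULL : registry[i]->create();
    if (ps) { ps->owner = registry[i]; registry[i]->live++; }
    return ps;
}
void ps_release(struct ps_base *ps)
{
    if (ps) { ps->owner->live--; ps->owner->destroy(ps); }
}
/* Constructed sample plugin publishing one policy set, "ecn-mark". */
static struct ps_base *ecn_create(void) { return calloc(1, sizeof(struct ps_base)); }
static void ecn_destroy(struct ps_base *ps) { free(ps); }
struct ps_factory ecn_factory = { "ecn-mark", ecn_create, ecn_destroy, 0 };
```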

SDK Usage: Experimentation with IRATI Data transfer policies: RMT and EFCP

•  Programmed data transfer policies to manage congestion in a distributed cloud environment.

•  Two touch points: i) ECN-marking policies for the RMT; ii) flow control policies that react to ECN-marked PDUs in EFCP

[Figure panels: “TCP Tahoe” (EFCP) + RED (RMT); DEC Binary feedback (EFCP and RMT)]
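
The two touch points above in a simplified single-flow model, as an added example that is not code from the experiment: an RMT policy marks PDUs when its queue is at or above a threshold, and an EFCP flow-control policy adjusts its window from the fraction of marked PDUs. Function names and the threshold are assumptions; the +1 increase, 7/8 decrease and 50% rule follow the classic DECbit binary-feedback scheme, since the page does not give the parameters used.

```c
#include <stddef.h>

struct pdu { unsigned seq; int ecn; };
struct efcp_fc { unsigned window, seen, marked; };  /* flow-control state */

/* RMT touch point: set the ECN flag when the output queue has reached
 * the threshold (assumed fixed here; RED would mark probabilistically). */
void rmt_mark(struct pdu *p, size_t queue_len, size_t threshold)
{
    p->ecn = queue_len >= threshold;
}

/* EFCP touch point: once a full window of PDUs has been seen, shrink the
 * window to 7/8 if at least half carried the ECN flag, else grow it by 1. */
void efcp_on_pdu(struct efcp_fc *fc, const struct pdu *p)
{
    fc->seen++;
    fc->marked += p->ecn ? 1u : 0u;
    if (fc->seen < fc->window)
        return;
    if (2 * fc->marked >= fc->seen)
        fc->window = fc->window * 7 / 8;
    else
        fc->window += 1;
    if (fc->window == 0)
        fc->window = 1;            /* never stall the flow completely */
    fc->seen = fc->marked = 0;
}

/* Feed one PDU per sampled queue length (constructed input) through both
 * policies and return the resulting window. */
unsigned simulate(const size_t *queue_len, size_t n, size_t threshold,
                  unsigned window)
{
    struct efcp_fc fc = { window ? window : 1, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        struct pdu p = { (unsigned)i, 0 };
        rmt_mark(&p, queue_len[i], threshold);
        efcp_on_pdu(&fc, &p);
    }
    return fc.window;
}
```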

4. ONGOING RINA INITIATIVES

Research, open source, standards

•  Current research projects
   –  FP7 PRISTINE (2014-2016) http://ict-pristine-eu
   –  H2020 ARCFIRE (2016-2017) http://ict-arcfire.eu
   –  Norwegian project OCARINA (2016-2021)
   –  BU RINA team http://csr.bu.edu/rina

•  Open source implementations
   –  IRATI (Linux OS, C/C++, kernel components, policy framework, RINA over X) http://github.com/irati/stack
   –  RINASim (RINA simulator, OMNeT++)
   –  ProtoRINA (Java, RINA over UDP, quick prototyping)

•  Key RINA standardization activities
   –  Pouzin Society (experimental specs) http://pouzinsociety.org
   –  ISO SC6 WG7 (2 new projects: Future Network – Architectures, Future Network – Protocols)
   –  ETSI Next Generation Protocols ISG
